package com.third.customer.site.controller;

import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.third.customer.model.data.JsonResult;
import com.third.customer.model.data.UserType;
import com.third.customer.model.tables.User;
import com.third.customer.service.UserService;
import com.third.customer.service.data.UserModifyReq;
import com.third.customer.service.data.UserReq;
import com.third.customer.service.utils.PageResult;
import com.third.customer.site.Constants;
import com.third.customer.site.UserInfo;
import com.third.customer.site.controller.req.UserQueryReq;
import com.third.customer.site.controller.resp.UserResp;
import com.third.customer.site.support.ThirdAuth;
import com.third.customer.site.support.ThirdUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

/**
 * Created by hehuaichun on 2020/5/19.
 */
@RestController
@RequestMapping("/users")
public class UserCtrl {

    @Autowired
    private UserService userService;

    @PostMapping
    @ThirdAuth(UserType.ADMIN)
    public JsonResult open(@ThirdUser UserInfo userInfo, UserReq userReq) {
        userReq.validator();
        User user = userService.open(userInfo.getUser().getCompanyId(), userReq);
        return JsonResult.ok(UserResp.convert(user));
    }

    @PostMapping("/{id}/modify")
    @ThirdAuth(UserType.ORDINARY)
    public JsonResult modify(@ThirdUser UserInfo userInfo, @PathVariable Long id, @Valid UserModifyReq req) {
        User modify = userService.getById(id);
        if (canOperator(userInfo, modify)) {
            User user = userService.modify(id, req);
            System.out.println(user.toString());
            return JsonResult.ok(UserResp.convert(user));
        }
        return JsonResult.fail(JsonResult.FORBIDDEN, "您没有权限修改该账户!");
    }

    @PostMapping("/{id}/delete")
    @ThirdAuth(UserType.ORDINARY)
    public JsonResult delete(@ThirdUser UserInfo userInfo, @PathVariable Long id) {
        User delete = userService.getById(id);
        if (canOperator(userInfo, delete)) {
            return JsonResult.ok(userService.delete(id));
        }
        return JsonResult.fail(JsonResult.FORBIDDEN, "您没有权限删除该账户!");
    }

    @GetMapping("/get")
    @ThirdAuth(UserType.ORDINARY)
    public JsonResult get(@ThirdUser UserInfo userInfo, @RequestParam String name) {
        User user = userService.getByName(userInfo.getCompanyId(), name);
        return JsonResult.ok(UserResp.convert(user));
    }

    @GetMapping
    @ThirdAuth(UserType.ORDINARY)
    public JsonResult list(@ThirdUser UserInfo userInfo, UserQueryReq req) {
        Page<User> page = userService.list(req.toParam(userInfo.getCompanyId()));
        List<UserResp> list = page.getRecords().stream().map(UserResp::convert).collect(Collectors.toList());
        return JsonResult.ok(PageResult.build(page, list));
    }

    @PostMapping("/login")
    public JsonResult login(@RequestParam Long companyId, String name, String password, HttpServletResponse response) {
        String token = userService.login(companyId, name, password);
        response.setHeader(Constants.THIRD_TOKEN, token);
        return JsonResult.ok(token);
    }

    @PostMapping("/logout")
    @ThirdAuth(UserType.ORDINARY)
    public JsonResult logout(@ThirdUser UserInfo userInfo) {
        userService.logout(userInfo.getToken());
        return JsonResult.ok();
    }

    /**
     * 判断当前用户是够能操作
     */
    private boolean canOperator(UserInfo userInfo, User operated) {
        User operator = userInfo.getUser();
        return (Objects.equals(operated.getId(), userInfo.getUser().getId()) ||
                (Objects.equals(operated.getCompanyId(), operator.getCompanyId()) && userInfo.userType() == UserType.ADMIN));
    }
}
